Abstract
By a computational puzzle we mean a mildly difficult computational problem that requires resources (processor cycles, memory, or both) to solve. Puzzles have found a variety of uses in security. In this paper we are concerned with client puzzles: a type of puzzle used as a defense against Denial of Service (DoS) attacks. The main contribution of this paper is a formal model for the security of client puzzles.We clarify the interface that client puzzles should offer and give two security notions for puzzles. Both functionality and security are inspired by, and tailored to, the use of puzzles as a defense against DoS attacks.Our definitions fill an important gap: breaking either of the two properties immediately leads to successful DoS attacks. We illustrate this point with an attack against a previously proposed puzzle construction.We also provide a generic construction of a client puzzle which meets our security definitions.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Aiello, W., Bellovin, S.M., Blaze, M., Canetti, R., Ioannidis, J., Kermoytis, A.D., Reingold, O.: Just Fast Keying: Key Agreement In A Hostile Internet. ACM Trans. on Info. and Syst. Sec. 4, 1–30 (2004)
Aura, T., Nikander, P., Leiwo, J.: DoS-Resistant Authentication with Client Puzzles. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 170–181. Springer, Heidelberg (2001)
Barak, B., Mahmoody–Ghidary, M.: Merkle Puzzles are Optimal. Cryptology ePrint archive, report 2008/032 (2008)
Biham, E., Goren, Y.J., Ishai, Y.: Basing Weak Public-Key Cryptoraphy on Strong One-Way Functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 55–72. Springer, Heidelberg (2008)
Canetti, R., Halevi, S., Steiner, M.: Hardness Amplification of Weakly Verifiable Puzzles. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 17–33. Springer, Heidelberg (2005)
Chen, L., Mao, W.: An Auditable Metering Scheme for Web Advertisement Applications. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 475–485. Springer, Heidelberg (2001)
Douligeris, C., Mitrokotsa, A.: DDoS Attacks and Defence mechanisms: Classification and State–of–the–Art. Computer Networks 44, 643–666 (2004)
Dwork, C., Naor, M.: Pricing via Processing or Combatting Junk Email. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
Eddy, W.: TCP SYN Flooding Attacks and Common Mitigations. RFC 4987
Gao, Y.: Efficient Trapdoor-Based Client Puzzle System Against DoS Attacks. M.Sc Thesis, University of Wollongong, Computer Science Department (2005)
Groza, B., Petrica, D.: On Chained Cryptographic Puzzles. In: 3rd Romanian-Hungarian Joint Symp. on Applied Comput. Intel. – SACI, pp. 25–26 (2006)
Impagliazzo, R., Rudich, S.: Limits on the Provable Consequences of One–Way Permutations. In: ACM Symp. on the Theory of Comp. – STOC 1989, pp. 44–61 (1989)
Jakobsson, M., Juels, A.: Proofs of Work and Bread Pudding Protocols. In: Joint Working Conference on Secure Information Networks: Communications and Multimedia Security. IFIP Conference Proceedings, vol. 152, pp. 258–272 (1999)
Juels, A., Brainard, J.: Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks. In: ISOC Network and Distributed System Security Symposium, pp. 151–165 (1999)
Karig, D., Lee, R.: Remote Denial of Service Attacks and Countermeasures. Princeton University Department of Electrical Engineering Technical Report CE–L2001–002 (2001)
Meadows, C.: A Formal Framework and Evaluation Method for Network Denial of Service. In: 12th Computer Security Foundations Workshop, pp. 4–13. IEEE Computer Society Press, Los Alamitos (1999)
Meadows, C.: A Cost–Based Framework for Analysis of Denial of Service in Networks. Journal of Computer Security 9, 143–164 (2001)
Merkle, R.: Secure Communications Over Insecure Channels. Communications of the ACM 21, 294–299 (1978)
Mirkovic, J., Martin, J., Reiher, P.: A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. ACM SIGCOMM Computer Communication Review 34, 39–53 (2004)
Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.: Host Identity Protocol. Internet Draft (October 2007)
Price, G.: A General Attack Model of Hash-Based Client Puzzles. In: Paterson, K.G. (ed.) Cryptography and Coding 2003. LNCS, vol. 2898, pp. 319–331. Springer, Heidelberg (2003)
Rivest, R.L., Shamir, A., Wagner, D.: Time-lock Puzzles and Timed-release Crypto. Massachusetts Institute of Technology Technical Report TR-684 (1996)
Rogaway, P.: Formalizing Human Ignorance. In: Nguyên, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 211–228. Springer, Heidelberg (2006)
Schaller, P., Capkun, S., Basin, D.: BAP: Broadcast Authentication Using Cryptographic Puzzles. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 401–419. Springer, Heidelberg (2007)
Smith, J., González–Nieto, J.M., Boyd, C.: Modelling Denial of Service Attacks on JFK with Meadows’s Cost–Based Framework. In: Proceedings of the 2006 Australasian workshop on Grid computing and e–research, vol. 54, pp. 125–134 (2006)
Specht, S., Lee, R.: Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures. In: 17th International Conference on Parallel and Distributed Computing Systems, pp. 543–550 (2004)
Tritilanunt, S., Boyd, C., Foo, E., González Nieto, J.M.: Toward Non-parallelizable Client Puzzles. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds.) CANS 2007. LNCS, vol. 4856, pp. 247–264. Springer, Heidelberg (2007)
Waters, B., Juels, A., Halderman, J.A., Felten, E.W.: New Client Puzzle Outsourcing Techniques for DoS Resistance. In: 11th ACM Conference on Computer and Communication Security – CCS, pp. 246–256. ACM Press, New York (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chen, L., Morrissey, P., Smart, N.P., Warinschi, B. (2009). Security Notions and Generic Constructions for Client Puzzles. In: Matsui, M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10366-7_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-10366-7_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10365-0
Online ISBN: 978-3-642-10366-7
eBook Packages: Computer ScienceComputer Science (R0)